#!/bin/bash
# The following may be heavily borrowed from, if not 
# copied from, the NSA's December 20, 2007 "Guide to the 
# Secure Configuration of Red Hat Enterprise Linux 5, Revision 2"

# Title - Verify that No Accounts Have Empty Password Fields

#Initialize variables
export PRECHECK="if [ -z $(awk -F: '($2 == "") {print}' /etc/shadow) ]; then echo All user accounts have passwords; fi"
export QUESTION="Would you like to verify that no accounts have empty password fields?"
export DESCRIPTION="If an account has an empty password, anybody may log in and run commands with the privileges of that account. Accounts with empty passwords should never be used in operational environments."
export SOLUTION="echo -e \"WARNING! A password is needed for the following: \n\`awk -F: '(\$2 == \"\") {print \"\\t\"\$1}' /etc/shadow\`\""
